Information about BAA

What Is a HIPAA Business Associate Agreement?

BAA stands for Business Associate Agreement. Under HIPAA, it must be signed with the hospital or health plan by Business Associates: those who handle personally identifying client information, process claims for hospitals, or provide online data backup services. The law requires organizations to obtain satisfactory assurances that the business associate will apply appropriate safeguards and protect patient data from unauthorized use and disclosure.

HIPAA covers various entities and organizations, mainly health care providers in the US, that meet certain criteria. They are responsible for protecting client confidentiality while acting as clearinghouses, and must sign a BAA. It is important that people hired to handle patient information live up to the same rules. To get that assurance, a “Business Associate Agreement” is used. These are vital matters; where they are absent or carelessly applied, penalties and heavy fines will follow.

BAAs extend medical privacy standards to health care businesses not directly subject to HIPAA. Business Associates can therefore include attorneys, accountants, consultants, pharmacists, and medical transcriptionists. A BAA-to-BAA agreement must also be signed. Let the experts at InfoSight Inc. navigate the very daunting HIPAA maze with you and give you the necessary guidance. You have everything to gain and nothing to lose in the process.

A BAA is a promise from the Business Associate to safeguard data in the same ways that you, as a covered entity, are required to. Another important requirement is the assurance that the Associate will track “security incidents” and provide audit trails, as necessary, to show the movement and details of your data. The need for audit trails is a lesser-known aspect of the HIPAA Security Rule and is overlooked because of the assumption that good encryption is sufficient; in reality, more is necessary for full compliance.

If you would like more information regarding BAA and HIPAA, contact us today to discuss your requirements.

Complementary Services
Vulnerability Assessment
IT Risk Assessment
Social Engineering Testing and Training